So, I've tried all the possible solutions for unlocking my new Ascend Mate 2 and they all don't work. The Chinese site says something about 14 days and, honestly, this phone is as useful as a doorstop as long as I can't root it. Can anybody please get my unlock code from the Chinese unlocking site?
Okay, so I figured out a way that actually works instead of all the garbage links you find everywhere on the Ascend Mate2, 7, 8, etc. forums. Huawei is fully incompetent and incapable of providing a simple, no-nonsense way to unlock their phones and it's completely infuriating that I had to jump through so many hoops to find the only currently viable solution. Probably going to be my first and last Huawei phone after this.
As some of you might have noticed, the English unlocking site gives a "Server is busy" error no matter when or how often you try. The Chinese site requires you to do some voodoo BS involving creating an account, logging in/registering from your phone and staying online for 14 days before they'll give you a code (and it seems anybody who recently used it successfully can't get an unlock code for anybody else anymore). The e-mail solution no longer works because (according to recent reports in other threads for other Huawei phones), they no longer hand out unlock codes and refer you to the Chinese site. The Ascend Mate 7 unlock site that was linked in the general Ascend Mate 2 thread gives a 404 not found message.
The only solution I've found that *actually* currently works is using the DC Unlocker client (https://www.dc-unlocker.com/). It costs 4 Euros or 4.xx USD, but it's worth it because it simply works once you know exactly how to use it.
Make sure you install the drivers beforehand. I think I've lost the link to the standalone drivers, but you can get the Hisuite software directly from Huawei and it'll install them automatically. Don't ask me in what order to do this, it just suddenly worked for me.
DO NOT PRESS "READ UNLOCK CODES"
Basically, the instructions are (with the phone hooked up by USB):
1. Download the client.
2. Buy credits (and in the process create an account).
3. Start the client.
4. Set "Select manufacturer:" to "Huawei phones"
5. Do what it says in the text box below
- > go to the phone dial pad, enter *#*#246579#*#*, go to ProjectMenu -> Background settings -> USB ports settings, and set it to "Manufacture mode"
5. Set "Select model" to "Auto detect" (so you don't have to fiddle with the ports)
6. Press the big magnifying glass/search button. (it should detect your phone automatically)
7. Press the "Server" tab and enter your account login info
DO NOT PRESS "READ UNLOCK CODES"
8. Go to the "Unlocking" tab
9. ONLY PRESS "READ BOOTLOADER CODE"
DO NOT PRESS "READ UNLOCK CODES"
It'll give you a long series of numbers, that's your unlock code.
I initially used "Read unlock codes" and it gave me a bunch of bull**** numbers that don't do jack. Wasted a good 4 Euros to bring you this information.
I hope this helps whatever poor souls decide to buy themselves an Ascend Mate 2 in the future.
TL;DR **** Huawei
I have and continue to this day been able to use the Chinese site without ANY issues.
Related
First, my English is not very good. So my expression could have been worse.
My phone is currently locked. (Pattern lock). I can not remember my pattern lock. I want to recover my data on my phone. Because of this. I do not want my phone to format. How you can help me on this topic.
Details...
I have one xperia z1. I've been using for two years. I never use my phone screen lock. However, the following events took place after the update, lollipops. Different users can be defined in Lolipo version. I suddenly asked me to guest users from passing their users to lock pattern. I kept thinking I choose to use a random key. I do not remember the reason for being late to lock up the following night. Phone certainly is not stolen. Of course, it gives you the possibility to prove the turkey unfortunately not available. We searched the forum and have solutions include sites around the world.
1- 5 times or higher test pattern lock my google password certainly does not ask me or a different security password.
2- Sony - I contact the turkey, but says the installation of new phone software.
3- I entered Google Play account. Android Device Manager tab from the "find my phone" was working. Because I do it in my google account settings
4 USB debugging mode can not turn my phone off because it is the pattern lock. Guests at this property for the user is not active. This is a solution in series
5. I can not phone in recovery mode. I asked Sony turkey. They said that you need to enter the unlock pattern inside. He did not believable.
I present in very beautiful and precious photos of my phone. (I do not use SD card) Please help me. I do not want to take phone format: (((
I can not run the USB debugging mode. For this reason, I can not link below.
tatanka210 said:
First, my English is not very good. So my expression could have been worse.
I have one xperia z1. I've been using for two years. I never use my phone screen lock. However, the following events took place after the update, lollipops. Different users can be defined in Lolipo version. I suddenly asked me to guest users from passing their users to lock pattern. I kept thinking I choose to use a random key. I do not remember the reason for being late to lock up the following night. Phone certainly is not stolen. Of course, it gives you the possibility to prove the turkey unfortunately not available. We searched the forum and have solutions include sites around the world.
1- 5 times or higher test pattern lock my google password certainly does not ask me or a different security password.
2- Sony - I contact the turkey, but says the installation of new phone software.
3- I entered Google Play account. Android Device Manager tab from the "find my phone" was working. Because I do it in my google account settings
4 USB debugging mode can not turn my phone off because it is the pattern lock. Guests at this property for the user is not active. This is a solution in series
5. I can not phone in recovery mode. I asked Sony turkey. They said that you need to enter the unlock pattern inside. He did not believable.
I present in very beautiful and precious photos of my phone. (I do not use SD card) Please help me. I do not want to take phone format: (((
I can not run the USB debugging mode. For this reason, I can not link below.
Click to expand...
Click to collapse
Hello....tatanka210!!
i understand ur problem....:crying:it's a bit frustrating..
according to your post.... i did not understand "I can not phone in recovery mode"...can u explain it to me?
[email protected] said:
Hello....tatanka210!!
i understand ur problem....:crying:it's a bit frustrating..
according to your post.... i did not understand "I can not phone in recovery mode"...can u explain it to me?
Click to expand...
Click to collapse
Hello
My phone is currently locked. (Pattern lock). I can not remember my pattern lock. I want to recover my data on my phone. Because of this. I do not want my phone to format. How you can help me on this topic.
I ask this because the site I have to be able to visit and function 24/7 is aspx-based. Here is some details to understand my issue.
The site is an affiliate-type one and I transfer money from once bank account to users, and I have to do it, when they ask it.
So, it's not a big deal for me to do that, when I'm at my workplace or my home, but I have life and I cannot be 16 hours a day at home. When I tried to access the website from my smartphone (TCL 5042D) using Chrome and Firefox and Browser (phone's own browser)(I encountered the same problem at the same spot from all 3 of them-I'll explain the problem right now), I logged in just fine. The customer's accounts are in one page and from there simply press the + or - buttons (depends on what the customer wants) and then a popup will appear, having a 2 boxes that I have to write the amount of money and a description for the transaction. As soon as I press to the boxes, the smartphone zooms as it supposed to be (in order to see what you're typing) and the popup disappears from the screen disabling me to press the ok and to put description.
What, do you believe? Could it be a bad-written aspx site, or is it natural to react that way? And what do you suggest?
(English is not my mother language, and if you find any difficulty to comprehend the text above, post to the thread your question, in order to clarify what you didn't understand)
**Let me start off by saying that I have not had a chance to verify but I do not have the error that NFC is not enabled anymore.**
Requirements -
1. Android Pay (Google Pay will not work on my watch although I read a post by someone who says it works on theirs)
2. Tasker installed on phone
3. Autowear Plugin to Tasker installed on phone and watch
4. A PC with adb installed
Step 1: Enable Developer Options on Watch
Step 2: Turn on ADB Debugging and Debug over WiFi
Step 3: Open command prompt or powershell in the folder where you have adb (hold shift and right click)
Step 4: In powershell, type adb connect 198.162.X.X:5555 (use the actual IP of your watch). Press Enter. The watch will prompt you to accept the connection. Select Always Allow.
Step 5: Type adb shell pm grant com.joaomgcd.autowear android.permission.WRITE_SECURE_SETTINGS. Press Enter. It may take a minute or two but if you don't receive an error, it worked.
Step 6: Open Tasker on your phone. Select Tasks. Hit the + sign in the bottom right. Select Plugin -> Autowear -> Secure Settings. When the new window opens, click the pencil next to Configuration. Set Command to Execute to &CONNECTED&. Click Custom Setting. Setting Type is Global, Name is <NFC>, Input type is Toggle, and Value is 1. Once all those are set, click the back arrow to get back to the AutoWear Secure Settings page. Click the checkmark at the top to save the settings.
Step 7: In powershell on the pc, type adb install com.google.android_apkmirror.com.apk. Press Enter. It should say Success once it finishes.
Step 8: On your phone, under the Task Edit screen (where you should be if you did not exit out from step 6) click the "Play" button on the bottom left. You should get a green dot next to the word configuration at the top.
Step 9: Open Android Pay on the watch. It will take you through the setup and tell you to finish on your phone. Once you finish adding a card, it should show up on the watch. "To pay with your watch, you need to turn on NFC" will show up and blink a couple of times then go away. It should show your card with "Hold to terminal.." above it.
This is something I threw together real quick to get the word out. Like I said in the beginning, I have not tried it at a terminal yet. As soon as I do, I will repost with results. Also in the near future, I will streamline the process, add a command to Tasker to keep NFC on always, and hopefully pay without opening the Android Pay app on the watch (Simply have the watch unlocked). I have attached the Android Pay apk below. If anyone tries this and uses the watch at a terminal, please post results.
I had a feeling a developer would find a way. I wonder why google pay isn't working for you and why Android pay says it needs NFC when it is already enabled. Have you tested to see if it does indeed enable it?
developer209 said:
I had a feeling a developer would find a way. I wonder why google pay isn't working for you and why Android pay says it needs NFC when it is already enabled. Have you tested to see if it does indeed enable it?
Click to expand...
Click to collapse
I am in no way a developer. Just trying some stuff out. I tried to Pay with the watch and it did not work. Hopefully someone with some knowledge and experience will see something here and guide us in the right direction to get this working.
That could mean one of two things, either the watch's NFC is not actually on or Android pay is not transmitting the signal.
This does not actually enable NFC. I tried paying with Google Pay and it did not detect anything. I don't think NFC can be enabled without root and adding some files that are missing.
Sent from my Nexus 6P using XDA Labs
Verizon promised to add pay and turn NFC on I say we hold them to it as owners of their watch discontinued or not this is as advertised.
https://www.verizonwireless.com/support/knowledge-base-209381/
Is it possible that kernel doesn't include NFC drivers? Kernel sources here contain the NFC drivers, but are they on the device?
Hi,
Added a tag to Title to avoid confusion.
I really appreciate the kind of topics you post here. Thanks for sharing information that is actually helpful. Good day!
Not working for me so far. I'm going to try it again at a McDonalds kiosk, but I found something of relevance...
It appears no NFC service is registered on my Wear24, so if there's no service to call... there should be no way to enable NFC. Note that I'm on AW 2.15
Log proving no service exists: https://textuploader.com/dvc7s
The only way to fix this is with a whole new ROM update, be it by the community or Verizon.
Anything going on?
Now that we have got the new wearOS 2.0 and nothing from Verizon coukd we pretty much say that the odds of getting Google Pay working on this watch are almost none?
Hi,
I've bought a WiFi only M5 8.4 and would like to make the initialisation setup without registering an Huawei-ID.
After switching on for the first time, I choose my language, Accept Terms and Conditions, connect to my WiFi, choose several Google services, skip screen lock style and then i come to a page "Welcome to your SHT-W09". There I choose "Set up as new" and the next screen is the Huawei-ID Login/Registration screen. I choose again SKIP, because i don't want to register at Huawei and I come back again to the page where i came from "Welcome to your SHT-W09". I'm in a loop.
If I don't choose "Set up as new" and use "A backup from the cloud", I can choose one of my several Android devices, can select which data I want to restore, then the data is restored and in the next point I'm back again on the Huawei-ID Login/Registration screen. So I'm also in a loop.
Is this normal? Does huawei really force me to register an Huawei ID? I just have two options after skipping the Huawei-ID page and both option bring me back to this page. I've spoken to friends who uses Huawei phones and no one needed to register an Huwei ID for the initialisation setup! Is this a new method to force all users to having a Huawei-ID?
Regards,
Marco
Hi, Marco. I have set up my European M5 (LTE) version yesterday without such a loop. If memory serves well, I had to look for the proper "skip"-button, which was a bit small, greyish and at the bottom left side, IIRC, but I definitely could skip it.
I've set in mine , the login with google on huawei ID.
Hi, I just bought my M5 10.1 version from China, now i cant even see google apps in my Huawei tablet, what to do??
Picked up a Moto G8 Power off Ebay and I havent touched an Android since I flashed a HTC Desire with Cyanogen Mod years ago.
Product/Variant: sofair XT2041-3 64GB PVT
?BootLoader? BL:MBM-3.0-sofiar-reteu-0f8934adaf8-210928
BaseBand: M6125_43.45.03.48R Sofia_rowdsds_cust
Recovery mode shows: RPES31.Q4U-47-35-9/54bc43
oem_locked
Spent all of today going around in circles.
Google Locked = it wants a pin to verify. Ebay ad stated it was google locked house clearance and not stolen. Nothing shows up in CheckAmend.com
On an offline PC
Android Studio installed - strangely ADB nowhere to be found.
ADB installed separately.
Got Magisk apk
Got from lolinet mirrors
XT2041-3_SOFIAR_RETEU_11_RPES31.Q4U-47-35-9_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml
blankflash_sofiar_RPE31.Q4U-47-35
From Motorola
Motorola_Mobile_Drivers_64bit
Rescue_and_Smart_Assistant_v6.3.2.12_setup - This will not install and I find this error in the Windows eventlog
MDM Declared Configuration: Function (checkNewInstanceData) operation (Read isNewInstanceData) failed with (The parameter is incorrect.)
Motorola support cant help until monday, but it might be a ASLR or some other MS security thing.
TWRP is missing the Motorola G8 on their website, G7 and G9 and others exist, so this is not an option.
Followed some of those youtube videos showing how to bypass the FRP, which appear to use a variety of tricks to either disable the Google Play Service or use an app to launch another app, a bit like getting the 2nd dial tone by calling a business freephone number, and hacking their phone system to get an onward outbound dial tone in the 80's.. Showing my age!
Before I put the device online using wifi and no sim for mobile data, I could get access to the Androids settings, where I could list apps, set permissions and other things so I'd tried to disable the play store, but these tricks wouldnt work. Put it online and it appears Android has been updated so those previous tricks for getting all the apps listed and makiing changes to their permission etc is no longer there. One of them was using the emergency phone, getting to the contact detail and then choosing a pic to gain access to other apps and that also stopped working and has disappeared which is why I say I think its been updated in all but version number!
I can access a fat32 sd card in recovery mode, but the apk files I put on it dont show, just the folders Android created on blank Fat32 partitions.
USB and ADB dont detect this device so I cant use the Wireshark USB to watch what is going over the USB connection.
AFAIK Android DeveloperMode/Debugging Mode is disabled.
I havent touched an android since the HTC Desires appeared and then I ported it Cyanogen Mod, but I subsequently learnt the UK Police had access to my phone even back then!
Not taking it apart to get access to the JTAG (just yet), I bought a few broke Pixel4A to see what I could learn about them when they arrive as well.
I see in fastboot, the mention of a "console [NULL]:null" is this the fastboot.exe alongside adb.exe in android tools, or something else?
So is there any other way or suggestion to get root for this device?
I fancied looking at LineageOS, or maybe some other OS like an unofficial port of GrapheneOS. I've found the device tree info put up by someone on here which would suggest its possible to port from Android 10Q to an Android11 distro/os, but my first hurdle is my stumbling block, I cant get the USB to work and have not found any other way to get beyond this stage to poke around with the OS and phone.
So any pointers, suggestions, advice, will be much appreciated!
TIA
Edit. It looks like Android/Google/Motorola have done a good job at locking down this OS and phone.
Edit2
Saw this thread here about making sure the Motorola drivers are installed properly.
[HELP] I seem to have bricked my Moto G Power and not it's stuck on bootloader.
This is what it looks like, and if I try to boot into recovery or system it just says "no operating OS found." Windows won't recognize it when trying to connect via USB. Any way to fix this? Help would be greatly appreciated.
forum.xda-developers.com
On Win10x64 I've been into c:\windows\system32\DriverStore\FileRepository, sorted the subfolders by todays date/time and can see a number of subfolders like
motoandroid.inf_amd64_dd80f24dcfb3dc931
motoandroid2.inf_...
motodrv.inf_....
motousbnet.inf....
and when inspecting one of the .inf files in notepad I can see there appears to be a service linked to the driver, but when I check the services, there isnt any services installed.
So I'm starting to think maybe Motorola's installation software doesnt work on windows with the default windows security settings, like exploit protection running.
More investigations...
Edit4
In the Control Panel (yes its still there in Win10), Device Manager, Other Devices are a couple of entries which the latest attempt to install the Motorola USB x64 msi installer created.
These are:
Mot Composite ADB Interface
Motorola ADB Interface
In c:\Windows\system32\drivers are a couple of 0KB wdf files (Windows Driver Foundation) files:
Msft_Kernel_WinUSB_01009.Wdf
MSft_Kernel_motoandroid_01009.wdf
Msft_User_WpdFs_01_11_00.wdf
So when looking at the c:\windows\system32\DriverStore\FileRepository I think the driver that needs to be installed can be found in the subfolder:
motoandroid.inf_amd64_dd80f24dcfb3dc931
However opening the motoandroid.inf file inside I can see lines like
DriverVer=03/25/2013, 1.3.0.0
As this folder was created about 30mins+ earlier, am I correct to believe the actual motorola driver was created back in 25th March 2013 and is version 1.3?
I know its possible to edit inf files to make drivers W2k and XP drivers work on later versions of windows, but the motorola website has the version number 6.4 but is this 6.4 the version number of the installation program?
Anyway scrolling further down the motoandroid.inf I can see towards the bottom instructions to install a service
"Mot ADB Interface Installation Driver" and it needs to find the actual driver in %root%\System32\Drivers\motoandroid.sys
Various paramaters, like a transfer size 4096bytes, a debug level of 2 and plenty of guids which will be found in the registry.
Anyway uninstalling the software as now removed these subfolders from the DriverStore\FileRepository, so a reboot and another attempt to see where its failing.
I just hope it doesnt need an internet connection, as this offline pc is a dev machine.
Onwards and upwards....
Edit 5
So the Windows 10 setting which prevents the Lenevo Rescue and Smart assist from installing is the Windows App and Browser Control > Exploit Protection > Force randomisation for images (Mandatory ASLR) when its on.
You can have every other windows setting on, like ransomware protection, normal ASLR, DEP etc etc and LMSA installs fine, right now its downloading an image to flash from FastBoot, but its not got the Developer mode/USB debug enable in android to make this possible.
Now lets see if I can get the Motorola USB drivers to work with ADB...
Got to say these forums are excellent cheap intelligence gathering tools for manufacturers and software companies to harden their products.
So tried lots and lots of these types of YouTube videos which are exploiting an SE Linux "vulnerabilities/design flaw" by getting access to enough of the system in order to disable/force stop certain apps in order to get past FRP block.
Some of these are less than a month old with less than 100 views, but I also suspect some of them of doing a bit of camera editing. I guess its a way of bunking up the number of views for a youtube account, before it gets rebranded, if thats even possible!?!
Now I managed to get the Lenovo Rescue and Smart Assist program to work, once I realised it will not install when Windows Exploit protection/Mandatory ASLR is enabled (which is a give away as to what the installer is doing on my system as well), and the give away information which suggests it might be worth downloading wireshark and installing the USB "packet" sniffer is the fact that when LMSA is running and you plug your usb cable into the Motorola phone, the phone displays the battery power as a xx% inside a swirling circle of sorts.
So there is some sort of USB communication taking place?
The other thing that gives it away is when you type in your IMEI number into the LMSA Rescue section, its detecting the version of firmware and wants to download the latest version.
LMSA did this to me last night as it downloaded
SOFIAR_RETEU_RPES31.Q4U_47_35_12_subsidy_DEFAULT__regulatory_DEFAULT_CFC.XML.zip
which I guess I can search for on this computer, or at least search for files on my windows hard drive created within a certain date/time frame, as the filename might be scrambled/obfuscated in some temp folder.
So is it just Firmware level communication, or is there some sort of Android communication taking place as well?
If its just firmware, then what could be elucidated/deduced from attacking the firmware? Perhaps its time to get the Wireshark USB sniffer out after all.
As I can also put an SD card into the phone (the start of a potential side channel attack) and the phone will load the SD card, I could explore different routes like some "malware" embedded using a picture to attach to the Emergency Contact details, maybe some PHP embedded in the pictures EXIF data or something that could trigger some other secondary app/process in Android into action.
It might pay for me to lookup the Google Android source if its open source, and look at the Android project source which is open source for any vulnerabilities. Anything mentioned in Github could give away clues
Configure on-device developer options | Android Studio | Android Developers
Learn how to configure system behaviors that help you profile and debug your app performance.
developer.android.com
So are there any issues listed here which doesn't just affect Android 13, but maybe earlier versions as well?
Google Issue Tracker
issuetracker.google.com
So lots of less obvious or not publicly mentioned intelligent sources of potential attack vectors in plain sight.
Seeing if I can alter the cpu clock speed and quantum could also help to introduce some instability, Linux has a wider range of cpu schedulers than windows, but this route tends to hang systems and I have to get enough access to this phone in order to change the route.
The recovery msg logs seen when selecting different bootloader options give away info, I think this is DMesg output of sorts. I'm not a linux programmer, just a boring old windows programmer.
I could explore what else could be loaded from the SD card, using the Bootloader menu options. I was surprised the APK packages dont appear in SD card in the "Recovery Mode > Apply updates from SD card" option. Maybe its not expecting a APK file extension? Mybe its expecting a different file of sorts like a .bin file or .img file. Is this where BlankFlash comes into play?
I have to admit, buying a second hand phone like this with FRB enabled off Ebay from a guy purporting to be in Salisbury home of Noivchok, is also a great way of spreading the latest and greatest malware to unsuspecting hackers and also to phish those who could potentially get around the FRB restriction with the minimum of effort. The UK civil service have their own internal postal system so has something been posted internally down the M5 motorway from Cheltenham, for some intelligence gathering or a cheap way of outsourcing some device cracking?
Oh well the silence is deafening.
So Motorola Support Centre have been in touch and stated:
I am really sorry to say that the kill switch feature, which is known as "Google Lock" is not bypassable by anyone other than the repair center.
So they are stating the Android Factory Reset Protection (FRP) can be bypassed which is another way of saying it can be undone, so the next challenge is finding out where on the device this flag or flags resides.
Is it something like the RaspberryPi One Time Programmable (OTP) switch's that may not be One Time Programmable but like the dip switches seen on the motherboards of early 8086/286/386/etc personal computers, or something else like a file on the main storage device with the rest of android.
I think the first thing to do is get Wireshark and the USB sniffer to see what information is being sent over the USB cable.
And as its possible to get the device online via wifi, it's probably a good idea to see what information is being sent over wifi, so using wireshark on a raspberrypi masquerading as an access point might be useful as well.
So the first thing to do is have a look at the Android documents
Android
Android has 74 repositories available. Follow their code on GitHub.
github.com
https://developer.android.com/reference/android/app/admin/FactoryResetProtectionPolicy
The factory reset protection policy determines which accounts can unlock a device that has gone through untrusted factory reset.
So it looks like Android are also stating the Factory Reset Protection can be undone. It seems a that a single user setup and a corporate setup exist, where a corporate account could be used to remotely wipe a device and then reenable the device, I guess if the user hands it back to the company.
https://developer.android.com/about/versions/marshmallow/android-6.0-changes API 23
EXTRA_PROVISIONING_RESET_PROTECTION_PARAMETERS is removed so NFC bump provisioning cannot programmatically unlock a factory reset protected device.
You can now use the EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE extra to pass data to the device owner app during NFC provisioning of the managed device.
Interestingly, NFC can be used to unlock FRP in earlier versions of Android. and its possible to use NFC to potentially configure and more other devices using NFC. As NFC is just a low power and thus low range frequency in the RFID range of frequencies alot of other things could be possible. NFC to me is just like any other form of communication method, beit a usb cable, telephone wire, wifi, ultrasonic sounds, or Infrared.
Radio-frequency identification - Wikipedia
en.wikipedia.org
NFCIP-1 and NFCIP-2
Near-field communication - Wikipedia
en.wikipedia.org
As NFC can communicate a request and response, and Android is using NFC to configure devices, using NFC may be a novel attack vector for peoples android devices, without them knowing about it unless they capture on a personal webcam everyone and every NFC device they come in to close contact with. Maybe using payment terminals could become a new attack vector at your favorite local retail outlet?
Well if Covid doesnt make people socially distanced, then maybe an NFC attack vector might if it works beyond the claimed 4cm operating range! Unfortunately this phone does not come with NFC, but others do.
I've got to find the source code....
Android (operating system) - Wikipedia
en.wikipedia.org
Most versions of Android are proprietary. The core components are taken from the Android Open Source Project (AOSP), which is free and open-source software (FOSS) primarily licensed under the Apache License.
Search results for "factory reset protection" | Android Open Source Project
source.android.com
The default implementation of Test Harness Mode uses the same storage mechanism as Factory Reset Protection to store the ADB keys temporarily in a persistent partition.
So it looks like I need to gain access to this "persistent partition" and try to find this ADB for starters.
Seems a bit sneeky of Google and Android here. https://source.android.com/docs/security/bulletin/2016-02-01
At the bottom of the Android webpage is a link to Factory Images of the Google Nexus and Pixel phones which jumps you to Google web page. No indication what so ever I'm leaving Android and going to Google!
Flashing devices | Android Open Source Project
source.android.com
To enable OEM unlocking on the device:
In Settings, tap About phone, then tap Build number seven times.
When you see the message You are now a developer!, tap the back button.
In Settings, tap System, then tap Developer options and enable OEM unlocking and USB debugging. (If OEM unlocking is disabled, connect to the internet so the device can check in at least once. If it remains disabled, your device might be SIM locked by your carrier and the bootloader can't be unlocked.)
Reboot into the bootloader and use fastboot to unlock it.
For newer devices (2015 and higher):
fastboot flashing unlock
For older devices (2014 and lower):
fastboot oem unlock
Tip: if you're seeing `adb devices` output before reboot but fastboot or the flash script are misbehaving, it might be issues with your USB cable. Try a different port and/or switching connectors. If you are using a USB C port on your computer try a USB A port instead.
Confirm the unlock onscreen.
Well the instructions I've seen only talk about the gaining access to settings and the doing 7 taps on the Build Number. Lets see if the rest of the instructions work.
Onwards and upwards....
Well sent the phone back the Ebay seller claiming to be a house clearance business wouldnt provide any paperwork to back up his claims of how he came to be in possession of the phone. So as I planned to do some computer forensics on it, like retrieve the files wiped by a Factory Reset, and the perverse interpretation of the law in this UK, I wasnt prepared to go any further with the phone. So its been sent back. The banks have already shown how untouchable they are, other big businesses are also in the same position and finding illegal stuff on a phone is not a risk I'm not prepared to take without paperwork.